  1. Couchbase Kubernetes
  2. K8S-1955

Document Helm 2.1 upgrade process with tls.generate=true

Details

    • Page
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 2.2.0
    • documentation, helm
    • None
    • 16: Autoscaling/PE/Docs
    • 1

    Description

      From the values.yaml for Helm we have the following:

      ```
      # TLS Certs that will be used to encrypt traffic between operator and couchbase
      tls:
        # enable to auto create certs
        generate: false
        # Expiry time of CA in days for generated certs
        expiration: 365
      ```

      We need to explain this bit better: when a customer sets this to true, the Operator will actually go through the process of creating the certs (https://docs.couchbase.com/operator/current/tutorial-tls.html#creating-a-client-certificate) and then create and configure the secrets (https://docs.couchbase.com/operator/current/howto-tls.html) for the cluster.

      This causes an issue with upgrade, as noted in https://issues.couchbase.com/browse/K8S-1900, because Operator 2.1 requires an extra SAN:

      ```
      DNS:host.${cluster}.${namespace}.svc.cluster.local
      ```

      Without this, when upgrading the Operator will report this error:

      ```
      {"level":"error","ts":1611102051.5212724,"logger":"cluster","msg":"Reconciliation failed","cluster":"default/demo","error":"certificate cannot be verified for zone: x509: certificate is valid for localhost, *.demo-couchbase-cluster.default.svc, *.demo-couchbase-cluster.default, *.demo-couchbase-cluster, *.demo-couchbase-cluster-srv.default.svc, *.demo-couchbase-cluster-srv.default, *.demo-couchbase-cluster-srv, demo-couchbase-cluster-srv.default.svc, demo-couchbase-cluster-srv.default, demo-couchbase-cluster-srv, *.demo-couchbase-cluster-srv.default.svc.cluster.local, host.demo-couchbase-cluster.default.svc.cluster.local, not host.demo
      ```

      We need to document the workaround, which is to regenerate the secrets using the values.yaml with the 2.1 chart:

      ```
      helm template demo --values values.yaml couchbase/couchbase-operator > secretsdemo.yaml
      ```

      Then replace the secrets; after this we can proceed to upgrade the Operator.

      Draft Documentation

      Manage. Helm. Helm Deployment
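
A pre-upgrade check for the SAN requirement described above, as an added example that is not part of the ticket or of Couchbase's documentation: it reads the SAN list printed by `openssl x509 -noout -ext subjectAltName` and reports whether `host.${cluster}.${namespace}.svc.cluster.local` is covered, either exactly or by a single-label wildcard. The function names, the sample SAN lists, and the secret name and `chain.pem` data key in the closing comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the ticket or the Couchbase docs).
# Checks SAN text for the extra name Operator 2.1 requires:
#   host.${cluster}.${namespace}.svc.cluster.local

# required_san CLUSTER NAMESPACE: prints the extra DNS name quoted in the ticket.
required_san() {
  printf 'host.%s.%s.svc.cluster.local\n' "$1" "$2"
}

# san_covers HOST: reads `openssl x509 -noout -ext subjectAltName` output on
# stdin; succeeds if a DNS SAN equals HOST or is a wildcard one label above it.
san_covers() {
  host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  wildcard="*.${host#*.}"          # x509 wildcards cover exactly one label
  tr ',' '\n' | tr '[:upper:]' '[:lower:]' |
    sed -n 's/^[[:space:]]*dns:\([^[:space:]]*\).*$/\1/p' |
    grep -Fxq -e "$host" -e "$wildcard"
}

# upgrade_check CLUSTER NAMESPACE: SAN text on stdin, verdict on stdout.
upgrade_check() {
  want=$(required_san "$1" "$2")
  if san_covers "$want"; then
    echo "OK: certificate covers $want"
  else
    echo "REGENERATE: certificate lacks $want"
    return 1
  fi
}

# Constructed SAN lists for a cluster "demo" in namespace "default".
OLD_SANS='X509v3 Subject Alternative Name:
    DNS:localhost, DNS:*.demo.default.svc, DNS:*.demo-srv.default.svc'
NEW_SANS="$OLD_SANS, DNS:host.demo.default.svc.cluster.local"

printf '%s\n' "$OLD_SANS" | upgrade_check demo default || true
printf '%s\n' "$NEW_SANS" | upgrade_check demo default

# Against a live cluster (secret name and data key are assumed placeholders):
#   kubectl -n default get secret <server-tls-secret> \
#     -o jsonpath='{.data.chain\.pem}' | base64 -d |
#     openssl x509 -noout -ext subjectAltName | upgrade_check demo default
```

Running the same check on the certificate in the regenerated secrets before replacing them confirms the 2.1 chart produced the extra SAN.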


          Activity

            eric.schneider Eric Schneider (Inactive) added a comment - Assigning to Arunkumar Senthilnathan to handle QE review assignment. Note that this documentation was already cherry-picked to 2.1.

            arunkumar Arunkumar Senthilnathan added a comment - QE is not involved in Helm testing - closing this as Tommie has reviewed the steps

            People

              arunkumar Arunkumar Senthilnathan
              tin.tran Tin Tran